On Fri, Jan 17, 2003 at 01:24:13PM +0000, [EMAIL PROTECTED] wrote:
> This is the script:
(snip)

Your script only works with one of the three default tables (filter), there are two others (nat and mangle).

> Is this setup workable and safe? What should I add?

I would include the other two tables and make use of them. Unwanted traffic should be stopped at the earliest opportunity. Which would be the PREROUTING chain in the mangle table.

> Some other questions:
> * Am I correct in assuming that on a 1 interface system as above, only
>   the INPUT and OUTPUT chains are used? Or should one check the FORWARD
>   chain anyway?

If you're only talking about the filter table, then TMK, you are correct. However with the mangle and nat tables involved you have something more like this:

INBOUND (firewall as destination)
- mangle-prerouting
- nat-prerouting
- filter-input

OUTBOUND (firewall as source)
- mangle-output
- nat-output
- filter-output
- nat-postrouting

-- 
Jamin W. Collins
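
Added example, not part of the original message or the poster's script: one way to lay out a ruleset that uses all three tables on a single-interface host, written in iptables-restore format and wrapped in a shell function. The SSH port, the choice of INVALID-state packets as the traffic dropped in mangle PREROUTING, and the FORWARD policy are assumptions, since the original script is snipped.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumed: single-interface host,
# SSH on tcp/22 as the only inbound service.

# Print a ruleset covering all three tables named in the reply.
ruleset() {
cat <<'EOF'
# mangle: first table an inbound packet traverses (PREROUTING)
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# assumption: packets conntrack marks INVALID are the "unwanted traffic"
-A PREROUTING -m state --state INVALID -j DROP
COMMIT
# nat: declared so its chains are flushed to a known-empty state
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# filter: default-deny inbound; FORWARD unused on one interface, so DROP
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# List the tables the ruleset touches, in file order.
tables() { ruleset | sed -n 's/^\*//p' | tr '\n' ' '; }

# Parse without committing (needs root and iptables-restore).
check_ruleset() { ruleset | iptables-restore --test; }

case "${1:-}" in
  print) ruleset ;;
  check) check_ruleset ;;
esac
```

Run the script with `check` as root to have iptables-restore parse the ruleset without committing it; the order of tables in the file does not change the traversal order listed above.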

